---
title: Oauth2Provider
editUrl: https://github.com/toolbeam/openauth/blob/master/packages/openauth/src/provider/oauth2.ts
description: Reference doc for the `Oauth2Provider`.
---

import { Segment, Section, NestedTitle, InlineSection } from 'toolbeam-docs-theme/components'
import { Tabs, TabItem } from '@astrojs/starlight/components'

<div class="tsdoc">
<Section type="about">
Use this to connect authentication providers that support OAuth 2.0.

```ts {5-12}
import { Oauth2Provider } from "@openauthjs/openauth/provider/oauth2"

export default issuer({
  providers: {
    oauth2: Oauth2Provider({
      clientID: "1234567890",
      clientSecret: "0987654321",
      endpoint: {
        authorization: "https://auth.myserver.com/authorize",
        token: "https://auth.myserver.com/token"
      }
    })
  }
})
```
</Section>
---
## Methods
### Oauth2Provider
<Segment>
<Section type="signature">
```ts
Oauth2Provider(config)
```
</Section>
<Section type="parameters">
#### Parameters
- <p><code class="key">config</code> [<code class="type">Oauth2Config</code>](/docs/provider/oauth2#oauth2config)</p>
</Section>
<InlineSection>
**Returns** <code class="type">Provider</code>
</InlineSection>
</Segment>
## Oauth2Config
<Segment>
<Section type="parameters">
- <p>[<code class="key">clientID</code>](#oauth2config.clientid) <code class="primitive">string</code></p>
- <p>[<code class="key">clientSecret</code>](#oauth2config.clientsecret) <code class="primitive">string</code></p>
- <p>[<code class="key">endpoint</code>](#oauth2config.endpoint) <code class="primitive">Object</code></p>
  - <p>[<code class="key">authorization</code>](#endpoint.authorization) <code class="primitive">string</code></p>
  - <p>[<code class="key">token</code>](#endpoint.token) <code class="primitive">string</code></p>
- <p>[<code class="key">pkce?</code>](#oauth2config.pkce) <code class="primitive">boolean</code></p>
- <p>[<code class="key">query?</code>](#oauth2config.query) <code class="primitive">Record</code><code class="symbol">&lt;</code><code class="primitive">string</code>, <code class="primitive">string</code><code class="symbol">&gt;</code></p>
- <p>[<code class="key">scopes</code>](#oauth2config.scopes) <code class="primitive">string</code><code class="symbol">[]</code></p>
</Section>
</Segment>
<NestedTitle id="oauth2config.clientid" Tag="h4" parent="Oauth2Config.">clientID</NestedTitle>
<Segment>
<Section type="parameters">
<InlineSection>
**Type** <code class="primitive">string</code>
</InlineSection>
</Section>
The client ID.

This is just a string to identify your app.
```ts
{
  clientID: "my-client"
}
```
</Segment>
<NestedTitle id="oauth2config.clientsecret" Tag="h4" parent="Oauth2Config.">clientSecret</NestedTitle>
<Segment>
<Section type="parameters">
<InlineSection>
**Type** <code class="primitive">string</code>
</InlineSection>
</Section>
The client secret.

This is a private key that's used to authenticate your app. It should be kept secret.
```ts
{
  clientSecret: "0987654321"
}
```
</Segment>
<NestedTitle id="oauth2config.endpoint" Tag="h4" parent="Oauth2Config.">endpoint</NestedTitle>
<Segment>
<Section type="parameters">
<InlineSection>
**Type** <code class="primitive">Object</code>
</InlineSection>
</Section>
The URLs of the authorization and token endpoints.
```ts
{
  endpoint: {
    authorization: "https://auth.myserver.com/authorize",
    token: "https://auth.myserver.com/token"
  }
}
```
</Segment>
<NestedTitle id="endpoint.authorization" Tag="h5" parent="Oauth2Config.endpoint.">authorization</NestedTitle>
<Segment>
<Section type="parameters">
<InlineSection>
**Type** <code class="primitive">string</code>
</InlineSection>
</Section>
The URL of the authorization endpoint.
</Segment>
<NestedTitle id="endpoint.token" Tag="h5" parent="Oauth2Config.endpoint.">token</NestedTitle>
<Segment>
<Section type="parameters">
<InlineSection>
**Type** <code class="primitive">string</code>
</InlineSection>
</Section>
The URL of the token endpoint.
</Segment>
<NestedTitle id="oauth2config.pkce" Tag="h4" parent="Oauth2Config.">pkce?</NestedTitle>
<Segment>
<Section type="parameters">
<InlineSection>
**Type** <code class="primitive">boolean</code>
</InlineSection>
</Section>

<InlineSection>
**Default** false
</InlineSection>
Whether to use PKCE (Proof Key for Code Exchange) for the authorization code flow.
Some providers like x.com require this.
</Segment>
<NestedTitle id="oauth2config.query" Tag="h4" parent="Oauth2Config.">query?</NestedTitle>
<Segment>
<Section type="parameters">
<InlineSection>
**Type** <code class="primitive">Record</code><code class="symbol">&lt;</code><code class="primitive">string</code>, <code class="primitive">string</code><code class="symbol">&gt;</code>
</InlineSection>
</Section>
Any additional parameters that you want to pass to the authorization endpoint.
```ts
{
  query: {
    access_type: "offline",
    prompt: "consent"
  }
}
```
</Segment>
<NestedTitle id="oauth2config.scopes" Tag="h4" parent="Oauth2Config.">scopes</NestedTitle>
<Segment>
<Section type="parameters">
<InlineSection>
**Type** <code class="primitive">string</code><code class="symbol">[]</code>
</InlineSection>
</Section>
A list of OAuth scopes that you want to request.
```ts
{
  scopes: ["email", "profile"]
}
```
</Segment>
</div>